runningrat | 72395ec1a48758a005d052d72fde286c083be13110308fdc4216bd8e9c325de7

General

Target

hehe.7z
Size

813KB
Sample

240611-ymle3szalh
MD5

52d1e3a34e9f764c9904c28ab1df147a
SHA1

66ae0c06c95d98fdf90f6a3ebaad2d664df815cc
SHA256

72395ec1a48758a005d052d72fde286c083be13110308fdc4216bd8e9c325de7
SHA512

b1619efdc38e10d3cf4f893805ef027a9e48e460a382acd31e04f4e78fc85873a8fcaa7c476c8b67c322f30c7a6e6ba10e7b990c18c70acf929b4e8e9b78aab8
SSDEEP

12288:FaLH23e/7Lw58CBd/PyOPDdAD7or/DTiEdx6qLeZqaSAJaWAkBJY08QD30zYr4:SbnPaPycDGg/D9bLqRSAJ+kTY0B30Mk

Score

10^/10

runningrat persistence

Malware Config

Targets

- Target
  
  360setr.exe
- Size
  
  48KB
- MD5
  
  483fe860119307c2f9e2f7ed4caadc81
- SHA1
  
  b5fa21f06419e585cb9faa7227f1931a8521ca5f
- SHA256
  
  acee72d648216217f6208a6d648767f06252a72aa3a8f4bf88de049eecb27c23
- SHA512
  
  4590310719d9a253e71dcb46775029d1213c87f21d6d002ec78584cc5eece9fdf169af174ae287a9328c81c1699927b552fdb1b4b8d1b59f706511ae48b142c7
- SSDEEP
  
  768:zynb12Aw5J6HC4kq5Jp9bjAzhyY55J+NStcEeUlyqgZl4p67dhPC:Ub1MsHz3JDwhyWr+N95OTga6u
Score

8^/10

persistence
- Sets DLL path for service in the registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Creates a Windows Service
  persistence
- Drops file in System32 directory
behavioral1
- Target
  
  988.exe
- Size
  
  2.1MB
- MD5
  
  8eadcc4d69631ce1252201d164bff08c
- SHA1
  
  364278c807838bf3d75001c72bffa9b00bb42dd6
- SHA256
  
  54334afc530f334754ec13761319c8ef536fc644fcd33e5c405ba4aedb8fd90b
- SHA512
  
  97fa9dfd9444f711a31c6d017d00151664c8e1e7bc6cc157d55bb59ae13e0d453d1475b82ce6b577b7b3ad448df989550f7594283f016877cda0c8324fd84b6a
- SSDEEP
  
  49152:TF4qX74X0XrtpUePzKtA+F3l7BPAeYKHdj/PAHD1QCizINk/Sap19W:a874X0JpUePzV+xl79AeYKHdj/PGDAIC
Score

3^/10
behavioral2
- Target
  
  adnwr.exe
- Size
  
  48KB
- MD5
  
  d83cac8ac77e88472b7d1a46b4bdc006
- SHA1
  
  ae5b4606463ca36ae8785bfcbc47cc4dee9b1fb0
- SHA256
  
  e1813b54272346a48364e789cb04bad5e292cbf3cc16057dc6435e965b377c0c
- SHA512
  
  a1460605dccd2540394f8f3ee8ec0c2e1ffd8ffe42c25f72470089da247ebc7ef1587372847e42bab901dbdf665596dfd658b44ac04ae1d0f2adb8165be2922e
- SSDEEP
  
  768:zynb12Aw5J6HC4kq5Jp9bjAzhyY55J+NStcEeUlyqgZl4p67QhPC:Ub1MsHz3JDwhyWr+N95OTga67
Score

8^/10

persistence
- Sets DLL path for service in the registry
  persistence
- Loads dropped DLL
- Creates a Windows Service
  persistence
- Drops file in System32 directory
behavioral3
- Target
  
  harst.exe
- Size
  
  76KB
- MD5
  
  2533de08d221342961e8f5382fd0357a
- SHA1
  
  dabe6e7b5866e9742c08786352817156e80fe7f6
- SHA256
  
  beefa8b66319f9f9e918e9b59f2abd98d5edd82d714f17072894e572ec003e98
- SHA512
  
  83124312a2102fd3359a5ff46015a488b845cf533909101d82dc16139378da949479d8490ce27524150c73c896c4b5ce2277fcc115883d20b540dc1708357562
- SSDEEP
  
  768:Z1zRSL+BoBxN9tpdC7EezJ0d8hPUtrFRtFtg3NojiwvuccA4iiKahtAZchhD6EWr:l3oBdk7ESuqhParNMKnFfiroZchxfSF
Score

8^/10

persistence
- Sets DLL path for service in the registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Creates a Windows Service
  persistence
- Drops file in System32 directory
behavioral4
- Target
  
  ��ٳ�1.0.exe
- Size
  
  48KB
- MD5
  
  7f0bf23db6496335d9adf01fb50ec091
- SHA1
  
  92ba1a47b40306bf5e4027506c7683ab3577fb73
- SHA256
  
  1f2e39728d627019c482b270eabb614d39100ed910797c6884fc405ae6514412
- SHA512
  
  f62a8b136cec137784692547bb7259e36592dd474c16914683f872ab30f482d8acf6a2064c996515c1c99b3337c15b4d0c85fe971cd599c8e9aa54b5822f40df
- SSDEEP
  
  768:zynb12Aw5J6HC4kq5Jp9bjAzhyY55J+NStcEeUlyqgZl4p67ThPC:Ub1MsHz3JDwhyWr+N95OTga6I
Score

1^/10
behavioral5